The 'bid' parameter in /delete.php of Code-Projects Blood Bank V1.0 is vulnerable to Out-of-Band SQL Injection. Attackers can exploit this by using Burp Collaborator to execute OOB SQL injection attacks, potentially gaining access to sensitive data.
The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to lack of proper input validation. An attacker can inject malicious scripts into these parameters; once stored on the server, these scripts may execute when viewed by other users.
Simple Task List version 1.0 is vulnerable to SQL Injection in the 'status' parameter of the addTask.php file. An attacker can exploit this vulnerability to execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive data from the database.
Teacher Subject Allocation Management System version 1.0 is vulnerable to SQL injection due to inadequate security measures on the 'searchdata' parameter in the index.php file. This vulnerability can be exploited by injecting malicious SQL queries, potentially allowing unauthorized access to sensitive database information.
The vulnerability exists in Blood Bank v1.0 due to insufficient input validation on 'hemail' and 'hpassword' parameters, enabling attackers to perform SQL injection attacks. This allows unauthorized access to the database by bypassing authentication mechanisms. Multiple CVEs have been assigned: CVE-2023-46014, CVE-2023-46017, CVE-2023-46018.
The vulnerability exists in Blood Bank v1.0 due to insufficient input validation on the 'hemail' and 'hpassword' parameters. This allows attackers to execute SQL injection attacks, bypass authentication, and gain unauthorized access to the database. The affected file is /hospitalLogin.php.